Description
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| emacs | fixed | 1:29.3+1-1 | | package |
| emacs | fixed | 1:28.2+1-15+deb12u1 | bookworm | package |
| emacs | not-affected | | bullseye | package |
| emacs | not-affected | | buster | package |
| org-mode | fixed | 9.6.23+dfsg-1 | | package |
| org-mode | ignored | | bookworm | package |
| org-mode | not-affected | | bullseye | package |
| org-mode | not-affected | | buster | package |
Notes
https://www.openwall.com/lists/oss-security/2024/03/24/1
https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb
https://list.orgmode.org/87o7b3eczr.fsf@bzg.fr/T/#t
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 (release_9.6.23)
Introduced by: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8abdbbee395f284f2262a89187d662eaf40080b1 (release_9.5)
Introduced by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=bf9ec3d91a79414deac039f7bf83352a9b0a9a85 (emacs-28.0.90)
org-mode/9.5.2+dfsh-5 dropped all Lisp files from the produced binary packages, making it an empty dependency package only.